crypto/openssl: support SM3/SM4 in openssl
Commit Message
Added SM3 support in openssl, and added SM4-ECB/
SM4-CBC/SM4-CTR support in openssl.
Signed-off-by: Sunyang Wu <sunyang.wu@jaguarmicro.com>
---
doc/guides/cryptodevs/features/openssl.ini | 4 +
doc/guides/cryptodevs/openssl.rst | 4 +
drivers/crypto/openssl/rte_openssl_pmd.c | 20 +++++
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 82 ++++++++++++++++++++
4 files changed, 110 insertions(+)
Comments
> Subject: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl
You should add a version number to the title to identify each
version and avoid confusion.
Also, I see that there are compilation issues reported by CI
http://mails.dpdk.org/archives/test-report/2023-February/360051.html
Please fix and ensure compilation is not broken with different versions of OpenSSL.
>
> Added SM3 support in openssl, and added SM4-EBC/
> SM4-CBC/SM4-CTR support in openssl.
>
> Signed-off-by: Sunyang Wu <sunyang.wu@jaguarmicro.com>
> ---
> doc/guides/cryptodevs/features/openssl.ini | 4 +
> doc/guides/cryptodevs/openssl.rst | 4 +
> drivers/crypto/openssl/rte_openssl_pmd.c | 20 +++++
> drivers/crypto/openssl/rte_openssl_pmd_ops.c | 82 ++++++++++++++++++++
> 4 files changed, 110 insertions(+)
>
> diff --git a/doc/guides/cryptodevs/features/openssl.ini
> b/doc/guides/cryptodevs/features/openssl.ini
> index 4b0f9b162e..efa339da55 100644
> --- a/doc/guides/cryptodevs/features/openssl.ini
> +++ b/doc/guides/cryptodevs/features/openssl.ini
> @@ -27,6 +27,9 @@ AES CTR (256) = Y
> 3DES CBC = Y
> 3DES CTR = Y
> DES DOCSIS BPI = Y
> +SM4 ECB = Y
> +SM4 CBC = Y
> +SM4 CTR = Y
> ;
> ; Supported authentication algorithms of the 'openssl' crypto driver.
> ;
> @@ -44,6 +47,7 @@ SHA384 HMAC = Y
> SHA512 = Y
> SHA512 HMAC = Y
> AES GMAC = Y
> +SM3 = Y
>
> ;
> ; Supported AEAD algorithms of the 'openssl' crypto driver.
> diff --git a/doc/guides/cryptodevs/openssl.rst
> b/doc/guides/cryptodevs/openssl.rst
> index 03041ceda1..07dbd2763b 100644
> --- a/doc/guides/cryptodevs/openssl.rst
> +++ b/doc/guides/cryptodevs/openssl.rst
> @@ -19,10 +19,13 @@ OpenSSL PMD has support for:
>
> Supported cipher algorithms:
>
> +* ``RTE_CRYPTO_CIPHER_SM4_ECB``
> * ``RTE_CRYPTO_CIPHER_3DES_CBC``
> * ``RTE_CRYPTO_CIPHER_AES_CBC``
> +* ``RTE_CRYPTO_CIPHER_SM4_CBC``
> * ``RTE_CRYPTO_CIPHER_AES_CTR``
> * ``RTE_CRYPTO_CIPHER_3DES_CTR``
> +* ``RTE_CRYPTO_CIPHER_SM4_CTR``
> * ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI``
>
> Supported authentication algorithms:
> @@ -34,6 +37,7 @@ Supported authentication algorithms:
> * ``RTE_CRYPTO_AUTH_SHA256``
> * ``RTE_CRYPTO_AUTH_SHA384``
> * ``RTE_CRYPTO_AUTH_SHA512``
> +* ``RTE_CRYPTO_AUTH_SM3``
> * ``RTE_CRYPTO_AUTH_MD5_HMAC``
> * ``RTE_CRYPTO_AUTH_SHA1_HMAC``
> * ``RTE_CRYPTO_AUTH_SHA224_HMAC``
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index abcb641a44..4c9f12355f 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -240,6 +240,17 @@ get_cipher_algo(enum rte_crypto_cipher_algorithm
> sess_algo, size_t keylen,
> res = -EINVAL;
> }
> break;
> +#ifndef OPENSSL_NO_SM4
Where is OPENSSL_NO_SM4 defined?
We cannot just add a piece of DEAD code in the driver.
> + case RTE_CRYPTO_CIPHER_SM4_ECB:
> + *algo = EVP_sm4_ecb();
> + break;
> + case RTE_CRYPTO_CIPHER_SM4_CBC:
> + *algo = EVP_sm4_cbc();
> + break;
> + case RTE_CRYPTO_CIPHER_SM4_CTR:
> + *algo = EVP_sm4_ctr();
> + break;
> +#endif
> default:
> res = -EINVAL;
> break;
> @@ -284,6 +295,11 @@ get_auth_algo(enum rte_crypto_auth_algorithm
> sessalgo,
> case RTE_CRYPTO_AUTH_SHA512_HMAC:
> *algo = EVP_sha512();
> break;
> +#ifndef OPENSSL_NO_SM3
> + case RTE_CRYPTO_AUTH_SM3:
> + *algo = EVP_sm3();
> + break;
> +#endif
> default:
> res = -EINVAL;
> break;
> @@ -483,6 +499,9 @@ openssl_set_session_cipher_parameters(struct
> openssl_session *sess,
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CTR:
> + case RTE_CRYPTO_CIPHER_SM4_ECB:
> + case RTE_CRYPTO_CIPHER_SM4_CBC:
> + case RTE_CRYPTO_CIPHER_SM4_CTR:
> sess->cipher.mode = OPENSSL_CIPHER_LIB;
> sess->cipher.algo = xform->cipher.algo;
> sess->cipher.ctx = EVP_CIPHER_CTX_new();
> @@ -636,6 +655,7 @@ openssl_set_session_auth_parameters(struct
> openssl_session *sess,
> case RTE_CRYPTO_AUTH_SHA256:
> case RTE_CRYPTO_AUTH_SHA384:
> case RTE_CRYPTO_AUTH_SHA512:
> + case RTE_CRYPTO_AUTH_SM3:
> sess->auth.mode = OPENSSL_AUTH_AS_AUTH;
> if (get_auth_algo(xform->auth.algo,
> &sess->auth.auth.evp_algo) != 0)
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 29ad1b9505..bd908b40fa 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -269,6 +269,28 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
> }, }
> }, }
> },
> + {
> + /* SM3 */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
> + {.auth = {
> + .algo = RTE_CRYPTO_AUTH_SM3,
> + .block_size = 64,
> + .key_size = {
> + .min = 0,
> + .max = 0,
> + .increment = 0
> + },
> + .digest_size = {
> + .min = 32,
> + .max = 32,
> + .increment = 0
> + },
> + .aad_size = { 0 }
> + }, }
> + }, }
> + },
> { /* AES CBC */
> .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> {.sym = {
> @@ -494,6 +516,66 @@ static const struct rte_cryptodev_capabilities
> openssl_pmd_capabilities[] = {
> }, }
> }, }
> },
> + { /* SM4 ECB */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> + {.cipher = {
> + .algo = RTE_CRYPTO_CIPHER_SM4_ECB,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .iv_size = {
> + .min = 0,
> + .max = 0,
> + .increment = 0
> + }
> + }, }
> + }, }
> + },
> + { /* SM4 CBC */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> + {.cipher = {
> + .algo = RTE_CRYPTO_CIPHER_SM4_CBC,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .iv_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + }
> + }, }
> + }, }
> + },
> + { /* SM4 CTR */
> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
> + {.sym = {
> + .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
> + {.cipher = {
> + .algo = RTE_CRYPTO_CIPHER_SM4_CTR,
> + .block_size = 16,
> + .key_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + },
> + .iv_size = {
> + .min = 16,
> + .max = 16,
> + .increment = 0
> + }
> + }, }
> + }, }
> + },
> { /* RSA */
> .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
> {.asym = {
> --
> 2.19.0.rc0.windows.1
> Subject: RE: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl
>
> > Subject: [EXT] [PATCH] crypto/openssl: support SM3/SM4 in openssl
>
> You should update the title with version number to identify each
> Version and remove confusion.
>
> Also, I see that there are compilation issues reported by CI
> http://mails.dpdk.org/archives/test-report/2023-February/360051.html
>
> Please fix and ensure compilation is not broken with different versions of
> OpenSSL.
>
Also, can you or Kai add test vectors for verification in the test app,
as SM3/SM4 are supported by QAT and OpenSSL?
@@ -27,6 +27,9 @@ AES CTR (256) = Y
3DES CBC = Y
3DES CTR = Y
DES DOCSIS BPI = Y
+SM4 ECB = Y
+SM4 CBC = Y
+SM4 CTR = Y
;
; Supported authentication algorithms of the 'openssl' crypto driver.
;
@@ -44,6 +47,7 @@ SHA384 HMAC = Y
SHA512 = Y
SHA512 HMAC = Y
AES GMAC = Y
+SM3 = Y
;
; Supported AEAD algorithms of the 'openssl' crypto driver.
@@ -19,10 +19,13 @@ OpenSSL PMD has support for:
Supported cipher algorithms:
+* ``RTE_CRYPTO_CIPHER_SM4_ECB``
* ``RTE_CRYPTO_CIPHER_3DES_CBC``
* ``RTE_CRYPTO_CIPHER_AES_CBC``
+* ``RTE_CRYPTO_CIPHER_SM4_CBC``
* ``RTE_CRYPTO_CIPHER_AES_CTR``
* ``RTE_CRYPTO_CIPHER_3DES_CTR``
+* ``RTE_CRYPTO_CIPHER_SM4_CTR``
* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI``
Supported authentication algorithms:
@@ -34,6 +37,7 @@ Supported authentication algorithms:
* ``RTE_CRYPTO_AUTH_SHA256``
* ``RTE_CRYPTO_AUTH_SHA384``
* ``RTE_CRYPTO_AUTH_SHA512``
+* ``RTE_CRYPTO_AUTH_SM3``
* ``RTE_CRYPTO_AUTH_MD5_HMAC``
* ``RTE_CRYPTO_AUTH_SHA1_HMAC``
* ``RTE_CRYPTO_AUTH_SHA224_HMAC``
@@ -240,6 +240,17 @@ get_cipher_algo(enum rte_crypto_cipher_algorithm sess_algo, size_t keylen,
res = -EINVAL;
}
break;
+#ifndef OPENSSL_NO_SM4
+ case RTE_CRYPTO_CIPHER_SM4_ECB:
+ *algo = EVP_sm4_ecb();
+ break;
+ case RTE_CRYPTO_CIPHER_SM4_CBC:
+ *algo = EVP_sm4_cbc();
+ break;
+ case RTE_CRYPTO_CIPHER_SM4_CTR:
+ *algo = EVP_sm4_ctr();
+ break;
+#endif
default:
res = -EINVAL;
break;
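Review bot: The three new SM4 cases in get_cipher_algo() assign `*algo` without looking at `keylen`, whereas the case just above them ends in what looks like a `keylen` switch that falls back to `res = -EINVAL`. SM4 has a single 128-bit key size and the capability entries added by this patch advertise only 16 bytes, so a session created with any other key length should be rejected here rather than passed on with a cipher that expects 16 key bytes. A check such as `if (keylen != 16) { res = -EINVAL; break; }` at the top of each SM4 case would keep the lookup consistent with the advertised range. The body of get_cipher_algo() starts and ends outside this hunk, so it is worth confirming that no earlier length check already covers this.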
@@ -284,6 +295,11 @@ get_auth_algo(enum rte_crypto_auth_algorithm sessalgo,
case RTE_CRYPTO_AUTH_SHA512_HMAC:
*algo = EVP_sha512();
break;
+#ifndef OPENSSL_NO_SM3
+ case RTE_CRYPTO_AUTH_SM3:
+ *algo = EVP_sm3();
+ break;
+#endif
default:
res = -EINVAL;
break;
@@ -483,6 +499,9 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
case RTE_CRYPTO_CIPHER_AES_CTR:
+ case RTE_CRYPTO_CIPHER_SM4_ECB:
+ case RTE_CRYPTO_CIPHER_SM4_CBC:
+ case RTE_CRYPTO_CIPHER_SM4_CTR:
sess->cipher.mode = OPENSSL_CIPHER_LIB;
sess->cipher.algo = xform->cipher.algo;
sess->cipher.ctx = EVP_CIPHER_CTX_new();
@@ -636,6 +655,7 @@ openssl_set_session_auth_parameters(struct openssl_session *sess,
case RTE_CRYPTO_AUTH_SHA256:
case RTE_CRYPTO_AUTH_SHA384:
case RTE_CRYPTO_AUTH_SHA512:
+ case RTE_CRYPTO_AUTH_SM3:
sess->auth.mode = OPENSSL_AUTH_AS_AUTH;
if (get_auth_algo(xform->auth.algo,
&sess->auth.auth.evp_algo) != 0)
@@ -269,6 +269,28 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
}, }
}, }
},
+ {
+ /* SM3 */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
+ {.auth = {
+ .algo = RTE_CRYPTO_AUTH_SM3,
+ .block_size = 64,
+ .key_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ },
+ .digest_size = {
+ .min = 32,
+ .max = 32,
+ .increment = 0
+ },
+ .aad_size = { 0 }
+ }, }
+ }, }
+ },
{ /* AES CBC */
.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
{.sym = {
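Review bot: The SM3 entry is added to openssl_pmd_capabilities[] unconditionally, while the matching lookup in get_auth_algo() is compiled only under `#ifndef OPENSSL_NO_SM3`; the same applies to the SM4 ECB/CBC/CTR entries in the next hunk versus `#ifndef OPENSSL_NO_SM4` in get_cipher_algo(). On a build where either macro is set, the device would advertise an algorithm for which the lookup returns -EINVAL, so applications that choose algorithms from the capability list would presumably see session creation fail. Wrapping each entry in the same guard, `#ifndef OPENSSL_NO_SM3` ... `#endif` here and `#ifndef OPENSSL_NO_SM4` ... `#endif` around the three SM4 entries, keeps the advertised set and the implemented set identical. As a minor style point, the `/* SM3 */` comment sits on its own line, unlike the `{ /* AES CBC */` form used by the neighbouring entries.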
@@ -494,6 +516,66 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
}, }
}, }
},
+ { /* SM4 ECB */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SM4_ECB,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 0,
+ .max = 0,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* SM4 CBC */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SM4_CBC,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
+ { /* SM4 CTR */
+ .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ {.sym = {
+ .xform_type = RTE_CRYPTO_SYM_XFORM_CIPHER,
+ {.cipher = {
+ .algo = RTE_CRYPTO_CIPHER_SM4_CTR,
+ .block_size = 16,
+ .key_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ },
+ .iv_size = {
+ .min = 16,
+ .max = 16,
+ .increment = 0
+ }
+ }, }
+ }, }
+ },
{ /* RSA */
.op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
{.asym = {
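Review bot: The SM4 ECB entry is advertised next to CBC and CTR with nothing to say that its security properties differ: with an `iv_size` of 0, equal plaintext blocks under one key always encrypt to equal ciphertext blocks. A short comment on the entry, for example `/* SM4 ECB: no IV; identical plaintext blocks give identical ciphertext */`, and a matching sentence in doc/guides/cryptodevs/openssl.rst would steer users towards CBC or CTR for bulk data. None of the three modes authenticates the data, and the SM3 entry added earlier in this table is an unkeyed digest (`key_size` 0), so integrity still needs a keyed transform such as one of the existing HMAC algorithms.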